Facebook and CIA-backed Recorded Future say they are not scanning Facebook Chat messages

The way Facebook handles privacy has been called into question
for years. Now, a developer has claimed that
a third-party company is somehow scanning private Facebook
messages.

His claim got a lot of
attention this morning on Hacker News, a
popular message board for software developers.

Except both Facebook and the company itself, Recorded Future, say
they have no idea what's going on.

Coder website Bosnadev wrote a
blog post this morning looking into what happened when
it posted a private link in Facebook chat. The group had built an
app that had never been published. It then posted the link to the
app in private Facebook chat box and tracked who opened the
link.

For the first three minutes Facebook’s own IP address looked into
the link. This shouldn’t come as a surprise — Facebook and most
any other chat function routinely check links. But three minutes
after that, an IP address from the company Recorded Future hit
the link.

Recorded
Future works to identify real-time online risks by
collecting and analyzing sources on the web. Recorded
Future is a private company, as are most of its clients, but it
does have ties with the government thanks to an
investment from the CIA’s investment arm, which set the
conspiracy theorists off.

But to us, the company explicitly denied looking at Facebook Chat
messages.

"We have no
ideawhat the guy is
referring to. We only get Public/Open Facebook
data, and certainly
have no
interest nor any
technical ability to get to any chat
data at all," Recorded
Future told Business Insider.

The company added in a
Hacker News comment, "Our systems followed this URL
after it was posted on a public site. Our system constantly
explores links published on the web. We've checked our logs and
confirmed that this is what happened in this specific case. It's
not related to any Facebook chat messages containing this link.
Our system doesn't access that information."

Facebook also said it's not working with Recorded Future, and
wasn't sure what the blogger has found.

"While investigating the claims of
this post, we've confirmed that Facebook doesn't use Recorded
Future — an open source aggregator of public data — to scan any
private content. That means we haven't partnered with or directed
Recorded Future to scan anyone's message
links. It's hard to
tell precisely what's going on based on the amount of information
in the post. It's possible that another interaction, including
one that could be occurring on the client machine, is consuming
the URL and generating this behavior."

So what's going on here? We're not sure, but you can follow the
discussion on Hacker News and see where it ends up.